Re: [squid-users] OpenBSD + PF + Squid: forwarding loop

From: Marko Cupać <marko.cupac_at_mimar.rs>
Date: Fri, 31 May 2013 14:27:15 +0200

On Fri, 31 May 2013 04:58:03 -0700
Rob Sheldon <rob_at_associatedtechs.com> wrote:

> On 2013-05-30 21:34, Loïc BLOT wrote:
>
> > Hello Rob,
> > I use OpenBSD and squid 3.3.4 in a production environment; you'll
> > find exactly what you need here:
> > http://www.unix-experience.fr/2013/create-a-powerfull-proxy-cache-with-squid-and-openbsd-2/#sthash.9SpWE1kn.dpbs
> > Have a nice day
>
> Thanks -- that looks like a good guide, and I wish I'd found it before
> the other one.
>
> However: it looks like your guide was written for a physical squid
> server separate from a physical firewall, and other than that, I can't
> find a significant difference between the configuration in your guide
> and my problematic configuration.
>
> Maybe there's some kind of routing issue with doing an rdr on a machine
> running both the firewall and the proxy functions?
>
> ...hmm. That might be it, actually. Since Squid is binding to the LAN
> interface, trying to rdr packets coming in on the LAN interface back to
> a service on the LAN interface won't work. I'll try setting http_port to
> one of the other interfaces and see if that changes anything.
>
> Thanks,
>
> - R.

Try setting squid to listen on loopback address:

http_port 127.0.0.1:3128 intercept

Redirect web traffic to loopback address in pf:
pass in quick on $if_int inet proto tcp from 192.168.0.209 to any \
        port { www https } rdr-to 127.0.0.1 port 3128

-- 
Marko Cupać
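An added example, not part of the thread above, showing Marko's two lines in the context of a minimal pf.conf for a box that is both the LAN router and the Squid host. Interface names, the LAN network and the client address are assumptions. It deliberately redirects only port 80: sending port 443 to a plain `http_port ... intercept` cannot work, since Squid would have to speak TLS there (that needs an `https_port ... intercept ssl-bump`, which is outside this thread). Squid's intercept mode on OpenBSD asks pf for the original destination of each redirected connection, so the user Squid runs as must be able to read /dev/pf.

```pf
# Added example (not from the mailing-list post); names are assumptions.
ext_if    = "em0"            # upstream interface
int_if    = "em1"            # LAN interface Squid's clients sit behind
lan_net   = "192.168.0.0/24"
proxy_port = "3128"

# Ordinary NAT so the box routes for the LAN at all.
match out on $ext_if from $lan_net to any nat-to ($ext_if)

# Interception. Traffic arriving on the LAN interface for port 80 is
# rewritten to 127.0.0.1:3128, where Squid listens with
#     http_port 127.0.0.1:3128 intercept
# Binding Squid to loopback instead of the LAN address is the point of
# the suggestion: the redirected packet no longer targets the very
# interface it came in on.
pass in quick on $int_if inet proto tcp from $lan_net to any \
        port www rdr-to 127.0.0.1 port $proxy_port

# Squid's own requests to origin servers leave on $ext_if, so they never
# match the "pass in on $int_if" rule above and are not fed back into
# the proxy (the forwarding loop the thread is about).
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port { www https }

# Everything else from the LAN is allowed out normally.
pass in on $int_if from $lan_net to any
pass out on $ext_if from ($ext_if) to any
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; after a client fetches a page, `pfctl -ss | grep 3128` should show the translated state, and Squid's access.log should show the request once, not a Via-header loop.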
Received on Fri May 31 2013 - 12:27:23 MDT
